[00:22] <niluje> hi guys
[00:22] <niluje> "quick" question about meltdown: I understand how to read anything from the kernel by getting its content byte by byte
[00:23] <niluje> what I don't understand is how to escape from a virtual machine
[00:23] <niluje> hence the question: how are two virtual machines' address spaces isolated from each other in the iommu?
[00:24] <niluje> I realize the question might not make any sense and I could be missing something
[14:13] <dsd> i'm working on backporting the 4.14 KPTI patches to ubuntu 4.13 artful kernel, any ubuntu kernel devs interested in collaborating? or any existing efforts i can join?
[14:16] <apw> dsd, we're trying hard to get that done
[14:17] <dsd> apw: can we work together?
[14:17] <dsd> i have explored 2 approaches:
[14:18] <dsd> 1. take the stable queue 4.9 patches and apply to 4.13. result: looks pretty difficult, too many changes between 4.9 and 4.13, especially the 5 level page tables. i put this idea on pause after doing a couple of the patches
[14:19] <dsd> 2. take 4.14 stable patches and apply on artful kernel. there are basically 3 batches of patches to deal with. i have just completed the first batch (from 4.14.9) and it compiles
[14:19] <dsd> feeling more positive about that approach - hopefully just need to do that another 2 times and then pray that it boots
[14:20] <apw> well we have been looking at the 2. form as well
[14:22] <dsd> looking or doing? would it be useful for me to share what i've done so far, or is there any work in progress that can be shared from your side?
[14:26] <apw> we have something in testing, just not sure how complete it is right now
[14:28] <apw> sorry very distracted
[14:28] <dsd> happy to take a look if you publish it somewhere
[14:28] <apw> will try and get back to you in a bit
[14:29] <dsd> ok, i'll also push what i've done in case it is useful, just a min
[14:44] <dsd> https://github.com/endlessm/linux/tree/artful-kpti and notes https://gist.github.com/dsd/f98a8f1a15f701934ece3e70c9b8fb0a
[17:46] <ricotz> tseliot, hi, I guess you are already aware of this nvidia-blob problem https://devtalk.nvidia.com/default/topic/1028222/linux/lts-kernel-patch-for-intel-cpu-vulnerability-breaks-nvidia-driver/post/5230546/#5230546
[18:03] <mdeslaur> apw: our updated kernel may hit that nvidia issue ^
[18:09] <mamarley> Interestingly, I did not hit that bug. It compiled fine (387.34, 4.14.11) for me.
[18:10] <ricotz> mamarley, the archive contains 384
[18:10] <mamarley> The guy in the thread says 387 failed to compile though.
[18:11] <TJ-> maybe it depends on which of the patch-set was included? there have been some recent commits since 4.14.11 was published
[18:11] <tyhicks> apw: regarding the nvidia issue, the only thing I can spot is the addition of the __visible attribute to cpu_tlbstate in https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6fd166aae78c0ab738d49bda653cbd9e3b1491cf
[19:34] <tseliot> ricotz: sigh... no, I didn't look into that